Research on Principle Techniques for Network Intrusion Detection based on Data Mining and Analysis Approach

Abstract

The security of software applications, from web-based applications to mobile services, is always at risk because of the open society of internet. With the increase in the number of network throughput and security threats, intrusion detection system has attracted much attention in recent years. In this paper, we undertake the research on the principle techniques for network intrusion detection based on data mining and analysis approach. We adopt the prior knowledge on Bayesian network which is a directed acyclic graph, each node represents a random variable and an edge said direct probabilistic dependencies between two connected nodes. Then, we use the traditional risk assessment model to measure the possibility of being hearted. The numeric analysis and experimental illustration indicates the effectiveness of our method compared with other popular adopted state-of-the-art methodologies. In the future, we plan to introduce the graph and complex network theory into our prototype system to enhance the performance. Introduction The security of software applications, from web-based applications to mobile services, is always at risk because of the open society of internet. With the increase in the number of network throughput and security threats, intrusion detection system has attracted much attention in recent years. IDS mechanism for monitoring system and network case, collect useful data, such as suspicious activity and environmental background, and analyzes the data to detect malicious intent. In general, intrusion detection method is divided into signature-based intrusion detection or anomaly-based intrusion detection system (ads). SD is a known process comparison signature pattern attack or threat to capture events to identify possible invasion [1-2]. Found in the process of advertising from a known behavior, behavior and construct summary on behalf of the normal or expected from monitoring routine activities, network connection, the host or the user for a period of time. The current industrial NIDS misuse-based method and practical solutions, using the signature against intrusion detection model each of these types of attacks [3-5]. As a typical misuse detection method, search package attack pattern matching methods and use agreement rules and string matching. Pattern matching method can effectively detect the invasion of the famous. But they rely on timely generate attack signatures, and to detect the novel and unknown attacks [6-7]. In the spread of the novel and unknown attack and defense based on signature of any known attacks are possible. In addition, increase the diversity of attack signature block modeling [8]. Machine learning process will automatically from the data dependence, inference and generalization to invisible data extrapolation of dependencies. Machine learning method of the intrusion detection model and attack data of normal network data, and allow the network characteristics were used to detect the unknown attacks. To address the problems raised above, we built a Bayesian classifier for intrusion detection by Bayesian Model Averaging (BMA) over the k-best BN classifiers. When future data points are classified, the decision is made by averaging over the prediction results of the k-best BN classifiers. The motivation of doing this is that multiple BNs are better than one BN in representing the probability distribution of the model space, thus they offer better predictive power than one network, particularly in the domain where only small training datasets are available. International Conference on Intelligent Systems Research and Mechatronics Engineering (ISRME 2015) © 2015. The authors Published by Atlantis Press 513 In this paper, we conduct research on principle techniques for network intrusion detection based on data mining and analysis approach. We will adopt the state-of-the-art machine learning and data mining tools to help detecting the dangerous elements in the network. The systematic description of our approach and the algorithm analysis are shown in the following sections. Our Proposed Approach Bayesian Network based Theory. This is a directed acyclic graph, each node represents a random variable and an edge said direct probabilistic dependencies between two connected nodes. For each node, contains the node has a conditional probability distribution probability of the different values in the value of his parents. Formal, lattice structure assertions, each node is conditionally independent of all non-descendants to its parent node. The probability is shown in the formula 1.